CVE-2023-41355
Published: 03 November 2023
Summary
CVE-2023-41355 is a critical-severity Improper Verification of Source of a Communication Channel (CWE-940) vulnerability in Nokia G-040W-Q Firmware. Its CVSS base score is 9.8 (Critical).
Operationally, ranked in the top 46.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-45858
Vulnerability details
Chunghwa Telecom NOKIA G-040W-Q Firewall function has a vulnerability of input validation for ICMP redirect messages. An unauthenticated remote attacker can exploit this vulnerability by sending a crafted package to modify the network routing table, resulting in a denial of…
more
service or sensitive information leaking.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Enforces verification of the source of a communication channel by requiring identification and authentication of services first.
Security testing and developer training directly verify and enforce proper input validation, reducing exploitability of injection and malformed-data weaknesses.
Security testing and evaluation at multiple SDLC stages directly detects missing or flawed input validation, with the required remediation process ensuring fixes are applied.
Requires explicit verification of the source and integrity of the channel used for authentication and other security functions.
Provides the means to verify the source of name-resolution responses instead of relying on unauthenticated channels.
Requires explicit verification of the communication source, blocking session hijacking via spoofed or alternate channels.
Directly implements checks on information inputs to reject invalid data before processing.
Spam protection mechanisms perform filtering and detection on inbound/outbound messages, directly compensating for missing or weak input validation of unsolicited content.